public async Task <OperationResult> SetReadPolicy(string key, ReadAccess access) { try { Bucket bucket = await _client.GetBucketAsync(key); PredefinedBucketAcl bacl = access == ReadAccess.Public ? PredefinedBucketAcl.PublicRead : PredefinedBucketAcl.Private; PredefinedObjectAcl oacl = access == ReadAccess.Public ? PredefinedObjectAcl.PublicRead : PredefinedObjectAcl.Private; _client.UpdateBucket(bucket, new UpdateBucketOptions() { PredefinedAcl = bacl, PredefinedDefaultObjectAcl = oacl }); var buckets = _client.ListObjects(key).ReadPage(Int32.MaxValue / 2); IEnumerable <Task> tasks = buckets.Select(s => _client.UpdateObjectAsync(s, new UpdateObjectOptions() { PredefinedAcl = oacl })); await Task.WhenAll(tasks); return(new OperationResult(true, "", HttpStatusCode.OK)); } catch (GoogleApiException e) { return(new OperationResult(false, e.Message, (HttpStatusCode)e.Error.Code)); } }
public async Task <OperationResult> SetReadPolicy(string key, ReadAccess access) { try { bool exist = await ExistBucket(key); if (!exist) { return(new OperationResult(false, "Bucket does not exist", HttpStatusCode.NotFound)); } CloudBlobContainer bucket = _client.GetContainerReference(key); BlobContainerPermissions perm = await bucket.GetPermissionsAsync(); perm.PublicAccess = access == ReadAccess.Public ? BlobContainerPublicAccessType.Blob : BlobContainerPublicAccessType.Off; await bucket.SetPermissionsAsync(perm); return(new OperationResult(true, "Permission is now " + access.ToString(), HttpStatusCode.OK)); } catch (Exception e) { return(new OperationResult(false, e.Message, HttpStatusCode.BadRequest)); } }
public async Task <OperationResult> SetReadPolicy(string key, ReadAccess access) { OperationResult aclResult = await SetACL(key, access, 10); OperationResult resp = await GetAllObjectURI(key); if (!resp.Success) { return(resp); } IEnumerable <Uri> uris = resp.Message.Split('\n').Where(s => s.Trim() != "").Select(s => new Uri(s)); foreach (Uri uri in uris) { OperationResult acl = await SetBlobACL(uri, access, 10); if (!acl.Success) { return(acl.AppendUri(uri)); } } return(aclResult); }
private async Task <OperationResult> SetPolicy(string key, ReadAccess access, int max, int count = 0) { if (++count == max) { return(new OperationResult(false, "Failed too many times due to conflict", HttpStatusCode.BadRequest)); } OperationResult resp; string endpoint = $"https://s3-{_region}.amazonaws.com/{key}/?policy="; if (access == ReadAccess.Public) { var policy = AWSPolicyFactory.GeneratePolicy(access, key); var content = JsonConvert.SerializeObject(policy); resp = await _client.SendRequest(HttpMethod.Put, endpoint, content, "application/json", HttpStatusCode.NoContent); } else { resp = await _client.SendRequest(HttpMethod.Delete, endpoint, null, "text/plain", HttpStatusCode.NoContent); } if (resp.StatusCode == HttpStatusCode.Conflict) { return(await SetPolicy(key, access, max, count)); } return(resp); }
public async Task <OperationResult> PutBlob(byte[] payload, Uri key) { var resp = await _client.SendRequest(HttpMethod.Put, key, payload); string bucket = key.AbsolutePath.Split('/').Where(s => s.Trim() != "").First(); var highestLevelDomain = key.Host.Split('.').First(); if (highestLevelDomain != _region) { bucket = highestLevelDomain; } bool isPub = await IsBucketPublic(bucket); ReadAccess access = isPub ? ReadAccess.Public : ReadAccess.Private; var acl = await SetBlobACL(key, access, 10); if (!acl.Success) { return(acl); } return(resp.AppendUri(key)); }
public async Task <OperationResult> CreateBlob(byte[] payload, string key) { bool exist = await ExistBlob(key); if (exist) { return(new OperationResult(false, "Object already exist", HttpStatusCode.BadRequest)); } string endpoint = $"https://{_region}.digitaloceanspaces.com/{_key}/{key}"; var resp = await _client.SendRequest(HttpMethod.Put, endpoint, payload); bool isPub = await _bucketClient.IsBucketPublic(_key); ReadAccess access = isPub ? ReadAccess.Public : ReadAccess.Private; var acl = await _bucketClient.SetBlobACL(new Uri(endpoint), access, 10); if (!acl.Success) { return(acl); } return(resp.Success ? resp.AppendUri(endpoint) : resp); }
public override string ToString() { StringBuilder sb = new StringBuilder("{"); sb.Append(ZoneId.ToString() + ","); sb.Append(UserRoleId.ToString() + ","); sb.Append(ReadAccess.ToString() + ","); sb.Append(WriteAccess.ToString() + "}"); return(sb.ToString()); }
protected override void ExecuteWorkflowLogic() { var target = ConvertToEntityReference(Record.Get(Context.ExecutionContext)); #region Build Sharing Mask var rights = AccessRights.None; if (ReadAccess.Get(Context.ExecutionContext)) { rights |= AccessRights.ReadAccess; } if (WriteAccess.Get(Context.ExecutionContext)) { rights |= AccessRights.WriteAccess; } if (DeleteAccess.Get(Context.ExecutionContext)) { rights |= AccessRights.DeleteAccess; } if (AppendAccess.Get(Context.ExecutionContext)) { rights |= AccessRights.AppendAccess; } if (AppendToAccess.Get(Context.ExecutionContext)) { rights |= AccessRights.AppendToAccess; } if (AssignAccess.Get(Context.ExecutionContext)) { rights |= AccessRights.AssignAccess; } if (ShareAccess.Get(Context.ExecutionContext)) { rights |= AccessRights.ShareAccess; } #endregion Build Sharing Mask Context.SystemService.Execute(new ModifyAccessRequest() { PrincipalAccess = new PrincipalAccess() { AccessMask = rights, Principal = User.Get(Context.ExecutionContext) }, Target = target }); }
private void SetReadAccess(Database[] dbs, ReadAccess access) { for (int i = 1; i <= dbs.Length; i++) { Database db = dbs[i - 1]; base.UpdateProgressAndDeclare(0, i, db.Name); if (Force || ShouldProcess(db.Name, string.Format("Make {0}", access.ToString()))) { db.ReadOnly = Convert.ToBoolean(access); db.Alter(); } } base.UpdateProgress(0); }
internal static Policy GeneratePolicy(ReadAccess access, string bucket) { List <PolicyStatement> statements = new List <PolicyStatement>(); if (access == ReadAccess.Public) { statements.Add(new PolicyStatement( "AllowPublicRead" + Guid.NewGuid().ToString(), new string[] { "s3:GetObject" }, "Allow", $"arn:aws:s3:::{bucket}/*", "*" )); } return(new Policy("ReadPolicy" + Guid.NewGuid().ToString(), "2012-10-17", statements.ToArray())); }
internal static string GenerateACL(ReadAccess access, string ownerId) { if (access == ReadAccess.Public) { return($@"<AccessControlPolicy xmlns=""http://s3.amazonaws.com/doc/2006-03-01/""> <Owner> <ID>{ownerId}</ID> </Owner> <AccessControlList> <Grant> <Grantee xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xsi:type=""CanonicalUser""> <ID>{ownerId}</ID> </Grantee> <Permission>FULL_CONTROL</Permission> </Grant> <Grant> <Grantee xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xsi:type=""Group""> <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI> </Grantee> <Permission>READ</Permission> </Grant> </AccessControlList> </AccessControlPolicy>"); } else { return($@"<AccessControlPolicy xmlns=""http://s3.amazonaws.com/doc/2006-03-01/""> <Owner> <ID>{ownerId}</ID> </Owner> <AccessControlList> <Grant> <Grantee xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xsi:type=""CanonicalUser""> <ID>{ownerId}</ID> </Grantee> <Permission>FULL_CONTROL</Permission> </Grant> </AccessControlList> </AccessControlPolicy>"); } }
private async Task <OperationResult> SetACL(string key, ReadAccess access, int max, int count = 0) { if (++count == max) { return(new OperationResult(false, "Failed too many times due to conflict", HttpStatusCode.BadRequest)); } string endpoint = $"https://{_region}.digitaloceanspaces.com/{key}/?acl="; OperationResult resp; //GETACL var ACL = await _client.SendRequest(HttpMethod.Get, endpoint); ACL acl = ACL.Message.DeserializeXMLString <ACL>(); string ownerID = ""; if (acl.AccessControlPolicy != null && acl.AccessControlPolicy.Owner != null) { ownerID = acl.AccessControlPolicy.Owner.ID.ToString(); } else { return(new OperationResult(false, "ACL XML Malformed?", HttpStatusCode.BadRequest)); } string aclData = DigitalOceanACLFactory.GenerateACL(access, ownerID); resp = await _client.SendRequest(HttpMethod.Put, endpoint, aclData); if (resp.StatusCode == HttpStatusCode.Conflict) { return(await SetACL(key, access, max, count)); } return(resp); }
public NetworkModel UpdateReadAccess(AccessMode readAccess, IList <Guid> permittedUsers) { ReadAccess.UpdateMode(readAccess).UpdatePermittedUsers(permittedUsers); return(this); }
public bool IsReadableBy(User?user) { return(ReadAccess.IsAccessibleTo(user?.ComputeAccessLevel(), user?.Id, OwnerId)); }
public Task <OperationResult> SetReadPolicy(string key, ReadAccess access) { return(SetPolicy(key, access, 10)); }
protected override void ExecuteWorkflowLogic() { var target = ConvertToEntityReference(Record.Get(Context.ExecutionContext)); var principal = Principal; var readAccess = ReadAccess.Get(Context.ExecutionContext); var writeAccess = WriteAccess.Get(Context.ExecutionContext); //Let's retrieve attributes first var retrieveEntityRequest = new RetrieveEntityRequest() { LogicalName = target.LogicalName, EntityFilters = EntityFilters.Attributes, RetrieveAsIfPublished = true }; var retrieveEntityResponse = (RetrieveEntityResponse)Context.SystemService.Execute(retrieveEntityRequest); var fields = Fields.Get(Context.ExecutionContext).ToLowerInvariant().Split(',').ToArray(); foreach (var field in fields) { var crmAttribute = retrieveEntityResponse.EntityMetadata.Attributes.FirstOrDefault(a => a.LogicalName == field); if (crmAttribute?.IsSecured == null) { throw new InvalidPluginExecutionException($"{field} attribute is not available in {target.LogicalName} entity"); } if (!crmAttribute.IsSecured.Value) { throw new InvalidPluginExecutionException($"{field} attribute is not secured"); } var queryPOAA = new QueryByAttribute("principalobjectattributeaccess") { ColumnSet = new ColumnSet("readaccess", "updateaccess") }; queryPOAA.AddAttributeValue("attributeid", crmAttribute.MetadataId.Value); queryPOAA.AddAttributeValue("objectid", target.Id); queryPOAA.AddAttributeValue("principalid", principal.Id); var poaa = Context.SystemService.RetrieveMultiple(queryPOAA).Entities.FirstOrDefault(); if (poaa != null) { if (readAccess || writeAccess) { poaa["readaccess"] = readAccess; poaa["updateaccess"] = writeAccess; Context.SystemService.Update(poaa); } else { Context.SystemService.Delete("principalobjectattributeaccess", poaa.Id); } } else if (readAccess || writeAccess) { poaa = new Entity("principalobjectattributeaccess") { ["attributeid"] = crmAttribute.MetadataId.Value, ["objectid"] = target, ["readaccess"] = readAccess, ["updateaccess"] = writeAccess, ["principalid"] = principal }; Context.SystemService.Create(poaa); } } }